An AI Agent Just Ran a Real Cyberattack — Why Not-for-Profits Should Care
Tech Translated, the All IT Services blog for Australian businesses. Tags: AI-driven threats, not-for-profit

Security researchers have just documented what a lot of people in IT have been quietly dreading: an attack in which an AI agent, not a human, ran the hands-on part on its own. As reported by The Hacker News, the firm Sysdig watched an intruder break into an internet-facing app, lift two cloud credentials, use them to pull an SSH key out of AWS Secrets Manager, and then quietly copy an entire database, with the final theft taking under two minutes.

The detail that matters isn't the specific software that was breached. It's that the attacker didn't appear to know the victim's environment in advance. The AI agent improvised: it read what it found, worked out what to try next, and kept going. That is the part to take seriously. What has always slowed attackers down is the need for a skilled human to learn your particular systems. Automate that, and the effort required to turn one exposed service into a full data breach drops through the floor.

For not-for-profits, that shift lands hard. Most NFPs run lean — a handful of cloud tools, a donor database, an online form or two, and no dedicated security team. Under the old maths, “we’re too small to bother with” held up reasonably well. It doesn’t any more. If the effort to attack you is close to zero, your size stops protecting you — and you’re still holding donor and beneficiary data you’re obliged to protect under the Privacy Act.

The fixes are the affordable, unglamorous ones. Don't put admin dashboards or internal tools straight on the internet; sit them behind a login or VPN. Turn on multi-factor authentication everywhere it's offered. Keep internet-facing apps patched. And treat your credentials and API keys as the crown jewels: give each one the least access it needs (an app that only needs its own database password should not be able to read every secret in the account, which is exactly what let the stolen credentials in this case reach an SSH key), and know how fast you could rotate them if one leaked. Because these attacks now move in minutes, the question worth putting to your IT provider is blunt: "if a key leaked this morning, how quickly could we kill it?" If the answer is "hours" or "not sure", that's your gap.
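To make the least-access point concrete, here is an added example (not code from the Sysdig report, The Hacker News article or All IT Services) that compares a broad "let the app read any secret" policy with one scoped to the single secret the app actually needs. It uses a deliberately simplified evaluator that ignores conditions, NotAction, resource policies and permission boundaries, so it is a teaching model rather than a replacement for AWS's own policy simulator. The account ID, region, secret names and ARNs are invented placeholders.

```python
"""Added example: why scoping an app's cloud credentials limits what a thief
can do with them. Policies and ARNs are constructed placeholders, not taken
from the incident described on this page."""
import re

# Constructed: two secrets in one account. A web app legitimately needs the
# database password; it has no business reading the bastion SSH key.
SSH_KEY_SECRET = (
    "arn:aws:secretsmanager:ap-southeast-2:111122223333:"
    "secret:prod/bastion/ssh-key-AbCdEf"
)
DB_PASSWORD_SECRET = (
    "arn:aws:secretsmanager:ap-southeast-2:111122223333:"
    "secret:prod/app/db-password-GhIjKl"
)

# Weak setting: what a "just make it work" app role often ends up with.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "secretsmanager:*", "Resource": "*"},
    ],
}

# Corrected setting: one action, one secret, nothing else.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["secretsmanager:GetSecretValue"],
            "Resource": [DB_PASSWORD_SECRET],
        },
    ],
}


def _glob_to_regex(pattern: str, ignore_case: bool) -> re.Pattern:
    """IAM-style wildcard: '*' matches any run of characters, '?' exactly one."""
    escaped = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(f"^{escaped}$", re.IGNORECASE if ignore_case else 0)


def _matches(patterns, value: str, ignore_case: bool) -> bool:
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(_glob_to_regex(p, ignore_case).match(value) for p in patterns)


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Simplified IAM evaluation: default deny; a matching Allow grants;
    a matching explicit Deny overrides. Action names are case-insensitive,
    resource ARNs are matched case-sensitively. Conditions, NotAction,
    NotResource, SCPs and resource policies are deliberately not modelled."""
    allowed = False
    for stmt in policy["Statement"]:
        if not _matches(stmt.get("Action", []), action, ignore_case=True):
            continue
        if not _matches(stmt.get("Resource", []), resource, ignore_case=False):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def blast_radius(policy: dict, secrets: list) -> list:
    """Which of the listed secrets could someone holding these credentials read?"""
    return [
        s for s in secrets
        if is_allowed(policy, "secretsmanager:GetSecretValue", s)
    ]


if __name__ == "__main__":
    secrets = [SSH_KEY_SECRET, DB_PASSWORD_SECRET]
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(f"{name:>6} policy exposes: {blast_radius(policy, secrets)}")
```

With the broad policy, stolen app credentials reach the SSH key as well as the database password; with the scoped policy they reach only the one secret the app was built to use, and cannot delete or modify even that. The same exercise, run against the real policies attached to each of your apps' roles, is a cheap way to find out what a leaked key would actually hand over.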

This is the kind of practical, budget-aware hardening we build into our IT services for not-for-profits. If you're not sure which of your systems are exposed to the internet, that's the place to start.
